Arndt's comments

ietf-wg-wimse · Oct 12, 2024 · 701797c · 701797c
1 parent 4e465ed
commit 701797c
Showing 1 changed file with 17 additions and 6 deletions.
diff --git a/draft-ietf-wimse-s2s-protocol.md b/draft-ietf-wimse-s2s-protocol.md
@@ -495,20 +495,31 @@ The two options for protecting the workload's traffic vary with respect to imple
 complexity, extensibility and security. Here is a summary of the main differences between
 {{dpop-esque-auth}} and {{http-sig-auth}}.
 
-- The DPoP-inspired solution is less HTTP-specific, making it easier to adapt for other protocols beyond HTTP. This flexibility is particularly valuable for asynchronous communication scenarios, such as event-driven systems.
+- The DPoP-inspired solution is less HTTP-specific, making it easier to adapt for
+other protocols beyond HTTP. This flexibility is particularly valuable for
+asynchronous communication scenarios, such as event-driven systems.
 
--    Message Signatures, on the other hand, benefit from an existing RFC with established implementations. This existing groundwork means that this option could be simpler to deploy.
+- Message Signatures, on the other hand, benefit from an existing RFC with
+established implementations. This existing groundwork means that this option could
+be simpler to deploy.
 
--    Given that the WIT (Web Interaction Token) is a type of JWT, the DPoP-inspired approach is less complex and technology-intensive than Message Signatures. In contrast, Message Signatures introduce additional layers of technology, potentially increasing the complexity of the overall system.
+- Given that the WIT (Workload Identity Token) is a type of JWT, the
+DPoP-inspired approach is less complex and technology-intensive than Message
+Signatures. In contrast, Message Signatures introduce additional layers of
+technology, potentially increasing the complexity of the overall system.
 
--    Message Signatures offer superior integrity protection, particularly by mitigating message modification by middleboxes.
+- Message Signatures offer superior integrity protection, particularly by mitigating
+message modification by middleboxes.
 
--    A key advantage of Message Signatures is that they support response signing.
+- A key advantage of Message Signatures is that they support response signing.
 This opens up the possibility for future decisions about whether to make
 response signing mandatory, allowing for flexibility in the specification
 and/or in specific deployment scenarios.
 
--    In general, Message Signatures provide greater flexibility compared to the DPoP-inspired approach. The draft (and subsequent implementations) can decide whether specific aspects of message signing, such as coverage of particular fields, should be mandatory or optional.
+- In general, Message Signatures provide greater flexibility compared to
+the DPoP-inspired approach. The draft (and subsequent implementations) can decide
+whether specific aspects of message signing, such as coverage of particular fields,
+should be mandatory or optional.
 
 # Using Mutual TLS for Service To Service Authentication {#mutual-tls}